httpd-apreq-dev mailing list archives

Joe Schaefer <joe+gmane@sunstarsys.com> writes:
[...]
> Keep in mind that apreq2 has no reason to assume whatever cleanup
> handlers we install will ever be run. The server can abort prematurely
> on a signal, segfault, or an untrapped exception. If we start leaving our
> tempfiles lying around whenever that happens, we create an opportunity
> for a DoS attack.

I just looked over apr's Unix implementation of APR_DELONCLOSE,
and it simply registers a pool cleanup handler that unlinks the
file. Only Win32's open() actually supports this on the OS level.
So I'm +0 for dumbing down the Win32 port to Unix's level by removing
that flag from apreq_file_mktemp and having it register a pool cleanup
handler that unlinks the tempfile.
--
Joe Schaefer
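
An added illustration in plain POSIX C (not apr or apreq code, and not part of the thread) of the concern quoted above: a tempfile whose removal depends on a cleanup handler is left on disk when the process is killed first. It goes one step beyond the message by contrasting that with the general Unix idiom of unlinking right after creation; `cleanup_unlink`, the tempfile name and the SIGKILL "crash" are constructed for the demo.

```c
#define _DEFAULT_SOURCE
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

/* Constructed stand-in for a pool cleanup handler (not APR code). */
static void cleanup_unlink(const char *path) { unlink(path); }

/* Child creates a tempfile, then is killed before cleanup can run.
 * unlink_early=0: unlink deferred to the cleanup handler;
 * unlink_early=1: unlink right after mkstemp(), keep using the fd.
 * Returns 1 if the file outlives the crash, 0 if not, -1 on error. */
int tempfile_survives_crash(int unlink_early)
{
    int fds[2], status;
    char path[64] = {0};
    if (pipe(fds) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        char tmpl[] = "/tmp/apreq-demo-XXXXXX";  /* constructed name */
        int fd = mkstemp(tmpl);
        if (fd < 0) _exit(2);
        if (unlink_early) unlink(tmpl);          /* name gone, fd still usable */
        if (write(fd, "upload data", 11) != 11) _exit(2);
        if (write(fds[1], tmpl, sizeof tmpl) < 0) _exit(2);
        raise(SIGKILL);                          /* simulated abort */
        cleanup_unlink(tmpl);                    /* never reached */
        _exit(0);
    }
    close(fds[1]);
    ssize_t n = read(fds[0], path, sizeof path - 1);
    close(fds[0]);
    waitpid(pid, &status, 0);
    if (n <= 0) return -1;
    struct stat st;
    int survives = (stat(path, &st) == 0);
    if (survives) unlink(path);                  /* remove the demo's leftover */
    return survives;
}

int main(void)
{
    printf("deferred unlink: leftover=%d\n", tempfile_survives_crash(0));
    printf("early unlink:    leftover=%d\n", tempfile_survives_crash(1));
    return 0;
}
```

The early-unlink variant only fits callers that never need the file's path again after opening it.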